If you are able to wrongly view sites on your policy that you desire to block, this article will help you to localize the issue and solve it quickly.
When websites are wrongly allowed, there are three possible areas of causation:
- A computer issue. This is related to Caching or DNS setting not being applied for this particular machine.
- A network issue. The location may be incorrectly configured in the DNSFilter dashboard or on your LAN network equipment. (See Site Deployment Guide and Site Troubleshooting and Transparent Proxying)
- 3. A policy issue. The appropriate categories may not be blocked or not applied to the correct sites. (See Policies)
Question 1 - Is it only this machine?
(If you are certain it is more than one machine, skip to the next question)
If you know that only one device/machine is having the problem, you can effectively eliminate network equipment from the scope of troubleshooting. If there is only one computer with the issue, the following troubleshooting steps will assist you getting this computer connected.
- Perform a MyIP test using the instructions in the Not Connected article. If performing an
nslookup myip.dnsfilter.com.does not return a successful query, then this particular devices is not pointed to DNSFilter for resolution. The adapter settings may be set to point to some other DNS server, which is why you are able to view sites you have blocked in your policy. You’ll need to change the network adapter settings to point to DNSFilter, either on the device itself or through another means.
- Perform a fresh block test. Sometimes, due to browser Caching, you are able to view sites you have blocked in your policy, because those sites were viewed prior to adding them to the Block list. This means that, although on DNSFilter’s end the site is blocked, your browser has stored the information locally and is displaying it to you. You should perform a fresh block test by adding a new domain to your Block listand them attempting to access it in incognito mode in your browser.
Question 2 - Is it only this policy?
If multiple devices on a given network are able to access a forbidden website, then the problem lies in a site-wide configuration issue or a policy issue. See the steps below:
- Follow the steps in the Not Connected article so that you can be sure your site is actively passing traffic to our servers. If your site is not passing traffic, follow the instructions in that article to connect all of your site’s IPs to the dashboard
- Setup a category, such as “Adult Content” to be blocked in your policy. Attempt to visit
adult.filterdns.netfrom an incognito-mode browser. You will either see a block notification, or a notice that the adult category is not being blocked. If the category is blocked, you know that your site is connected and that you are referencing one of your policies. The issue probably lies with the particular website. It is likely that the site uses more than one address, and users are able to view the site even if you have blocked the main domain. You can view our Pages Not Loading article to find all of the relevant domains for that site and add them to the Block list.
- If it seems that some sites are being blocked, and some sites are not, the most likely cause is that the wrong policy is applied to the wrong location. Go to the “Deployments” section of the dashboard, and check to see if your policy assignment is correct